Current Setup: Offline Root CA with an Enterprise Subordinate/Issuing CA I am manually issuing certificates for user and computer certificates (pending status to issued status) and I'm curious how the renewal process works for when these certs expire a year from now. I understand that they'll try and auto-renew 6 weeks prior to the expiration date but since they need to be issued out manually how do the certs then get passed back to the clients once I've manually issued them? This kind of ties in with another question on what is the easiest way to get the user and computer certs to the client PC once they have been issued? When the process is automatic (certs or auto-enrolled at the issuing CA) the cert is added to the certificate store immediately but when its first in pending status the cert isn't there. Thanks for the info! Ryan

you need to configure autoenrollment in Group Policy. In that case autoenrollment will maintain certificate requests and automatically download available responses. However this will require several policy refresh attempts.http://en-us.sysadmins.lv